Αναβάθμιση στην εκδοση Rosa (17.3) Νεα Χαρακτηριστικά της Ρόζας Νέο επίσημο κανάλι στο irc
$dbuser = 'lms14';$dbpasswd = 'upMint';
ή έτσι για να το παίξουμε hackerαδες, αφού βρήκαμε την αδυναμία, ας του δώσουμε να καταλάβει.
Σαν διαχειριστές λοιπόν άλλαξαν ένα Link ώστε να δείχνει σε ένα παραβιασμένο υπολογιστή στην Βουλγαρία. Αν μπορείς να το κάνεις αυτό μπορείς να αλλάξεις και το md5 μιας και είναι απλό κείμενο. Δεν ξέρω αν το έκαναν.
The fake ISO in Sofia, the OS backdoor in Sofia also, the guy accessing our server via the second backdoor from Russia, but when you look at a hole and see somebody looking at you, you need to figure out who knows more than the other, and if we’re reacting to their actions it was pretty clear we had to take everything down. The hacker from Russia (could be a VPN of course) even DDOSed my personal IP to prevent me from taking the site down. He also took down part of his set up since
We found an uploaded php backdoor in the theme directory of a wordpress installation, which was 1 day old and had no plugins running. The theme was new but most importantly I think we had lax file permissions on this. This was only set up hours before the attack but we were probably scanned for something like this for a while. Anyhow, we don’t know yet how it was uploaded but we know it happened there, and I’m certainly not pointing the finger at anybody. People just asked if we were running wordpress or if wordpress was used in the attack and I answered yes.
We’ve a bit more information about it now and we think it’s a single individual with no funding behind the attack. We’ll pass the relay to a security firm now.]
We’re still looking into that backdoor. We’ve got the code for it, we know what it does, we think it portrays itself as being apt-cache and we don’t know everything about it just yet. It’s important we do before messing with it remotely.
The dump which was left behind was of the forums user table. That said, they had access to our server so it’s possible they looked at donation data.
I did check the snapshots on wayback.org (web archive) of the downloads page and didn't find earlier modifications of the download links on that either the attacker only had access to the server on which the wordpress website and phpbb forum were hosted; repositories and ISOs are stored on other servers, in other data centers.